Replies: 1 comment
-
Just to make this more visible: |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
All changes
0.8.10
Fixed
#514
/#499
Thank you, @qtow, for your contributions
0.8.9
Fixed
#509
/#505
Thank you, @cjbarth, for your contributions
0.8.8
Fixed
#489
Thank you, @zorkow, for your contributions
0.8.7
Fixed
#485
/#486
Thank you, @bulandent, for your contributions
0.8.6
Fixed
#457
/#455
/#456
Thank you, @edemaine, @pedro-l9, for your contributions
0.8.5
Fixed
#452
/#453
Thank you, @fengxinming, for your contributions
0.8.4
Fixed
CVE-2022-39353
In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like
<
and>
are encoded accordingly.In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
Thank you, @frumioj, @cjbarth, @markgollnick for your contributions
0.8.3
Fixed
#437
/#436
Thank you, @Supraja9726, for your contributions
0.8.2
Release 0.8.2
Fixed
>
as specified (fix(dom): Serialize>
as specified #395)#58
Other
nodeType
values to public interface description#396
#317
Object.assign
ponyfill#379
#378
Thank you @niklasl, @cburatto, @SheetJSDev, @pyrsmk for your contributions
0.8.1
Release 0.8.1
Fixes
#374
Docs
#365
#366
#358
,#376
#360
0.8.0
Release 0.8.0
Fixed
BREAKING CHANGE: Certain combination of line break characters are normalized to a single
\n
before parsing takes place and will no longer be preserved.#303
/#307
#49
,#97
,#324
/#314
#284
/#310
BREAKING CHANGE: If you relied on the not spec compliant preservation of literal
\t
,\n
or\r
in attribute values.To preserve those you will have to create XML that instead contains the correct numerical (or hexadecimal) equivalent (e.g.
	
,

,
).DOMImplementation
andXMLSerializer
fromlib/dom-parser.js
#53
/#309
BREAKING CHANGE: Use the one provided by the main package export.
removeChild
#343
/#355
Chore
#325
#111
/#304
Thank you @marrus-sh, @victorandree, @mdierolf, @tsabbay, @fatihpense for your contributions
Beta Was this translation helpful? Give feedback.
All reactions